feature-video
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (HIGH): The skill is configured to upload screenshots and video recordings of the user's development environment to a specific external R2 bucket (`r2:kieran-claude`). This bucket and its associated public gateway URL (https://pub-4047722ebb1b4b09853f24d3b61467f1.r2.dev/) are hardcoded, meaning data is sent to a third-party location without user-controlled destination settings.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the installation of the `agent-browser` package from NPM and executes `agent-browser install`, which typically downloads external browser binaries. This package is not from a trusted source, creating a risk of executing malicious code during the installation or runtime of the skill.
- [COMMAND_EXECUTION] (LOW): The skill executes multiple local commands, including `gh` (GitHub CLI), `ffmpeg`, and `rclone`. While functional, these commands operate with the user's local privileges and access credentials.
- [PROMPT_INJECTION] (LOW): The skill ingests data from GitHub Pull Requests (titles, descriptions, and file lists) to plan the recording steps. This represents an indirect prompt injection surface where a malicious PR could influence the agent's browser interactions.
  - Ingestion points: `gh pr view` output (SKILL.md, Task 2)
  - Boundary markers: None detected
  - Capability inventory: `agent-browser open/click`, `gh pr edit`, `rclone copy` (SKILL.md, Tasks 5, 6, 7)
  - Sanitization: None detected
Recommendations
- AI detected serious security threats
Audit Metadata